Main Vulnerability Database Vulnerabilities #VU85347

#VU85347 Unprotected storage of credentials in Rapid SCADA - CVE-2024-21869

Published: January 12, 2024

Vulnerability identifier: #VU85347

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-21869

CWE-ID: CWE-256

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Rapid SCADA

Software vendor:
Rapid Software

Description

The vulnerability allows a local attacker to gain access to other users' credentials.

The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. A local attacker can view contents of the configuration file and gain access to passwords for 3rd party integration.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03